Block or Ignore devices that left the company
Please add an option for devices leaving the company with the Cloud Endpoint solution installed (by mistake, not having possibility to uninstall, theft etc).
My suggestion would be an "ignore/block" option, where the Endpoint won't be able to update anymore (SAU) and doesn't appear in the console either.

We intend to modify the “delete” function so that devices have the protection software removed and tamper protection disabled. They will not show in the admin UI (by default) or use a license.
The admin can recover deleted endpoints in case of mistakes with deletion. To facilitate this, a few core pieces of Sophos software will be left in place, these can be removed by the end user if they wish (the admin would then need to do a full reinstall to “recover” the machine though).